Certified Information Privacy Professional (CIPP) Practice Questions 2025 – All-in-One Guide to Exam Success!

The correct choice, the data custodian, highlights the role responsible for the management, protection, and maintenance of data within an organization. Data custodians ensure that data is stored securely, stored in compliance with relevant regulations and policy requirements, and is made available to authorized users while protecting it from unauthorized access or breaches. This role often involves implementing technical measures to safeguard data, carrying out back-ups, and managing data retention policies.

In contrast, the data subject is an individual whose personal data is processed, thus not involved in stewardship or protection of data. The data controller is the entity that determines the purpose and means of processing personal data, focusing more on the strategic aspects of data management rather than the day-to-day protection of data. The data processor operates on behalf of the data controller, handling the data but without the responsibility for data protection or stewardship in the same capacity as a data custodian. Therefore, the role of a data custodian is specifically tied to safeguarding the organization’s data assets.